Enterprise Private Cloud OpenStack Deployment in 20 Minutes (Part 1)


Introduction

Welcome to this Oracle Open World lab, thanks for joining us. This lab will take you through the basics of how to configure OpenStack on Oracle Solaris 11. OpenStack is a popular open source cloud infrastructure that has been integrated into Oracle Solaris. OpenStack includes a number of services that help you manage the compute, storage and network resources in your data center through a central web based dashboard. These services can be summarized as the following:

Service Name   Description
Nova           Compute virtualization
Cinder         Block storage
Neutron        Software Defined Networking (SDN)
Keystone       Authentication between cloud services
Glance         Image management and deployment
Horizon        Web based dashboard

For this lab and the time allocated to us, we will simply set up OpenStack in a single node instance. For a typical enterprise deployment, these services would be spread across multiple nodes with load balancing and other high availability capabilities.

With the Oracle Solaris 11.2 release, a new archive format was introduced called Unified Archives. Unified Archives provide easy golden image style deployment, allowing administrators to quickly snapshot a running system and deploy it as clones within a cloud environment. Using this technology, an OpenStack based Unified Archive was created and made available which makes deploying this complex software easy on a single node:

storage/solaris11/downloads/unified- archives html

However, for this lab we will choose a manual route to give you more experience with the OpenStack services and how they are configured.

Lab Setup

This lab has the following set up:

  Oracle Solaris 11.2 (root password is solaris11)
  Hostname of solaris, IP address range of /21
  IPS repository clone at /repository/publishers/solaris
  OpenStack configuration script located in /root/hol_single_host.py
  Oracle Solaris Non-Global Zone Unified Archive located in /root/ngzarchive.uar

To start with, open up a Terminal window in the host OS and start an SSH connection with root/solaris11 as the user/password combination:

# ssh
Password:
Oracle Corporation SunOS June

1. Installing the OpenStack packages

First we will install the OpenStack packages from the IPS package repository as follows:

# pkg install openstack rabbitmq rad-evs-controller
Packages to install: 182
Services to change: 3
Create boot environment: No
Create backup boot environment: Yes
DOWNLOAD PKGS FILES XFER (MB) SPEED
Completed 182/ / / k/s
PHASE ITEMS
Installing new actions 26599/26599
Updating package state database Done
Updating package cache 0/0
Updating image state Done
Creating fast lookup database Done
Updating package cache 1/1

Now that we have successfully installed these packages, we will need to restart the rad:local SMF service. RAD (the Remote Administration Daemon) provides programmatic access to the administrative interfaces on Oracle Solaris 11 that we use in the Oracle Solaris plugins for OpenStack.

# svcadm restart rad:local

We will also need to enable the RabbitMQ service. RabbitMQ is a messaging system that enables communication between the core OpenStack services.

# svcadm enable rabbitmq
# svcs rabbitmq
STATE STIME FMRI
online 23:58:04 svc:/application/rabbitmq:default

2. Configuring Keystone

Keystone provides authentication between the core OpenStack services. It will be the first service that we will configure and enable. OpenStack uses a series of configuration files with defined sections that include key/value pairs. For this first service, we will manually configure the appropriate settings, but all future services will use a script for convenience. Edit /etc/keystone/keystone.conf and ensure the following settings are set as below:

[DEFAULT]
admin_token = ADMIN

[identity]
driver = keystone.identity.backends.sql.Identity

[catalog]
driver = keystone.catalog.backends.sql.Catalog

[token]
provider = keystone.token.providers.uuid.Provider

[signing]
token_format = UUID

Now enable the Keystone service:

# svcadm enable -rs keystone
# svcs keystone
STATE STIME FMRI
online 23:59:31 svc:/application/openstack/keystone:default

In order to allow for successful authentication, we will need to populate the Keystone database with a number of users across different tenants that reflect the core OpenStack services. In our case we will use sample data provided by a script. In a production deployment you would associate Keystone with a directory service such as LDAP or Active Directory.

User      Tenant    Password
admin     demo      secrete
nova      service   nova
cinder    service   cinder
neutron   service   neutron
glance    service   glance

Let's run this script now:

# /usr/demo/openstack/keystone/sample_data.sh
Property Value
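The Keystone settings and sample accounts above use values that are published with the lab (admin_token = ADMIN, service passwords equal to the service names), so they are worth checking for before a node built this way is exposed beyond the lab. The following is an added example, not part of the original lab or of Oracle's scripts: a small Python audit that flags those values. The check names, the list of sample secrets and the 32-character minimum are assumptions made for the example.

```python
import configparser
import secrets

# Constructed sample input: the keystone.conf settings shown in this lab.
LAB_KEYSTONE_CONF = """\
[DEFAULT]
admin_token = ADMIN

[identity]
driver = keystone.identity.backends.sql.Identity

[token]
provider = keystone.token.providers.uuid.Provider

[signing]
token_format = UUID
"""

# Constructed sample input: (user, tenant, password) rows from the lab's table.
LAB_ACCOUNTS = [
    ("admin", "demo", "secrete"),
    ("nova", "service", "nova"),
    ("cinder", "service", "cinder"),
    ("neutron", "service", "neutron"),
    ("glance", "service", "glance"),
]

# Assumptions for this example: secrets treated as publicly known, and the
# minimum length expected of a randomly generated admin_token.
SAMPLE_SECRETS = {"admin", "secrete", "password", "changeme"}
MIN_TOKEN_LENGTH = 32


def audit_keystone_conf(text):
    """Return (check_id, location) findings for the admin_token setting."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(text)
    token = parser.defaults().get("admin_token")
    if token is None:
        return []  # no shared admin token configured at all
    token = token.strip()
    location = "[DEFAULT] admin_token"  # report where, never the secret itself
    if token.lower() in SAMPLE_SECRETS:
        return [("admin-token-sample-value", location)]
    if len(token) < MIN_TOKEN_LENGTH:
        return [("admin-token-too-short", location)]
    return []


def audit_accounts(accounts):
    """Flag accounts whose password is the username or a known sample value."""
    findings = []
    for user, tenant, password in accounts:
        where = f"{tenant}/{user}"
        if password.lower() == user.lower():
            findings.append(("password-equals-username", where))
        elif password.lower() in SAMPLE_SECRETS:
            findings.append(("sample-password", where))
    return findings


# The same file with the token replaced by 128 random bits (32 hex characters).
HARDENED_CONF = LAB_KEYSTONE_CONF.replace(
    "admin_token = ADMIN", "admin_token = " + secrets.token_hex(16)
)

if __name__ == "__main__":
    for finding in audit_keystone_conf(LAB_KEYSTONE_CONF) + audit_accounts(LAB_ACCOUNTS):
        print(*finding)
    print("hardened config findings:", audit_keystone_conf(HARDENED_CONF))
```

Run against the lab values it reports the admin token and all five accounts; against the regenerated token it reports nothing.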

bdefb773d3c61fed79d96c5540f9766 admin True
8b54a70c235ee1179f15a198a70be099 cinder True
7949ac987dd5c514e778ba ec2 True
d79d19dc2945ed758747c2e2d8ab7e89 glance True
ac11eb0e1aed68f2c c8bade5 neutron True
d9e6d0ddfbaf4ca6a6ee9bb951877d3d nova True
eb3237eea75ae619aba6cf75a49f798f swift True

3. Configuring Glance

Glance is a service that provides image management in OpenStack. It is responsible for storing the array of images that you install onto the compute nodes when you create new VM instances. It is comprised of a few different services that we will need to configure first. For convenience we have provided a script to be able to do this quickly:

# ./hol_single_host.py glance
configuring glance

This script will configure the following files:

  /etc/glance/glance-api.conf
  /etc/glance/glance-registry.conf
  /etc/glance/glance-cache.conf
  /etc/glance/glance-api-paste.ini
  /etc/glance/glance-registry-paste.ini
  /etc/glance/glance-scrubber.conf

and provide the appropriate configuration for the Glance endpoints (usually for the user and password information). Let's now enable the Glance services:

# svcadm enable -rs glance-api glance-db glance-registry glance-scrubber

We can check that this configuration is correct with the following:

# export OS_AUTH_URL=http://localhost:5000/v2.0/
# export OS_PASSWORD=glance
# export OS_USERNAME=glance
# export OS_TENANT_NAME=service
# glance image-list
ID Name Disk Format Container Format Size Status

As we can see from the above, we have successfully contacted the image registry, but there are no images currently loaded into Glance. The next step will be to populate Glance with an image that we can use for our instances. In the Oracle Solaris implementation we take advantage of a new archive type called Unified Archives. You may either choose to use an archive that we have provided as part of this VM or create your own archive:

37f73649-a046-e40c-eb34-e2b914c22005 Base Zone raw bare active

4. Configuring Nova

Nova is the compute service in OpenStack responsible for scheduling and deploying new instances when required. Like Glance, it is comprised of several different services that need to be configured and enabled. We will use our script again to do this quickly:

# ./hol_single_host.py nova
configuring nova

Nova does require a little more care in terms of the start order of services, so we will first enable the conductor service (which essentially proxies access to the Nova database from the compute nodes), and then the rest of the services:

# svcadm enable -rs nova-conductor
# svcadm enable -rs nova-api-ec2 nova-api-osapi-compute nova-scheduler nova-cert nova-compute

Let's check that Nova is functioning correctly by setting up some environment variables and viewing the endpoints:

# export OS_AUTH_URL=http://localhost:5000/v2.0/
# export OS_PASSWORD=nova
# export OS_USERNAME=nova
# export OS_TENANT_NAME=service
# nova endpoints
nova Value
adminurl
id 08eb495c11864f67d4a0e58c8ce53e8b
internalurl
publicurl
servicename nova

neutron Value
adminurl
id 96e693c539c0ca3ee5f0c04e958c33fe
internalurl
publicurl

glance Value
adminurl
id 121ad7a65c0fce b2c0c7c3fb
internalurl
publicurl

cinder Value
adminurl
id ee83dab8b39d4d0ad480a75cadb965dc
internalurl
publicurl

ec2 Value
adminurl
id 1558b719141ae2fed54ff0bfe80cb646
internalurl
publicurl

swift Value
adminurl
id 51f1908de52f68af984c e0b
internalurl
publicurl

keystone Value
adminurl
id 371c73559bd842d6b961d021eeeaa2e5
internalurl
publicurl

It looks to be functioning properly, so we can continue.

5. Configuring Cinder

Cinder provides block storage in OpenStack, typically the storage that you would attach to compute instances. As before, we will need to configure and enable several services:

# ./hol_single_host.py cinder
configuring cinder
# svcadm enable -rs cinder-api cinder-db cinder-scheduler cinder-volume:setup cinder-volume:default

Again, let's double check that everything is working ok:

# export OS_AUTH_URL=http://localhost:5000/v2.0/
# export OS_PASSWORD=cinder
# export OS_USERNAME=cinder
# export OS_TENANT_NAME=service
# cinder list
ID Status Display Name Size Volume Type Bootable Attached to

This looks correct as we have not allocated any block storage to date.

6. Configuring Neutron

Neutron provides networking capabilities in OpenStack, enabling VMs to talk to each other within the same tenants and subnets, and directly to the outside world. This is achieved using a number of different services. Behind the Oracle Solaris implementation is the Elastic Virtual Switch (EVS) that provides the necessary plumbing to span multiple compute nodes and route traffic appropriately. We will need to do some configuration outside OpenStack to provide a level of trust between EVS and Neutron using SSH keys and RAD.

Let's first generate SSH keys for evsuser, neutron and root users:

# su - evsuser -c "ssh-keygen -N '' -f /var/user/evsuser/.ssh/id_rsa -t rsa"
Generating public/private rsa key pair.
Your identification has been saved in /var/user/evsuser/.ssh/id_rsa.
Your public key has been saved in /var/user/evsuser/.ssh/id_rsa.pub.
The key fingerprint is:
13:cb:06:c4:88:5e:10:7d:84:8b:c8:38:30:83:89:9f
# su - neutron -c "ssh-keygen -N '' -f /var/lib/neutron/.ssh/id_rsa -t rsa"
Generating public/private rsa key pair.
Created directory '/var/lib/neutron/.ssh'.
Your identification has been saved in /var/lib/neutron/.ssh/id_rsa.
Your public key has been saved in /var/lib/neutron/.ssh/id_rsa.pub.
The key fingerprint is:
13:d6:ef:22:4b:f0:cf:9f:14:e3:ee:50:05:1a:c7:a5
# ssh-keygen -N '' -f /root/.ssh/id_rsa -t rsa
Generating public/private rsa key pair.
Created directory '/root/.ssh'.
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
c1:6f:a5:38:fc:11:85:16:ad:1d:ad:cd:2f:38:ce:26

We then need to take the various SSH public keys and include them in authorized_keys to provide passwordless access between these services:

# cat /var/user/evsuser/.ssh/id_rsa.pub /var/lib/neutron/.ssh/id_rsa.pub /root/.ssh/id_rsa.pub >> /var/user/evsuser/.ssh/authorized_keys

Finally, we need to quickly log into these and answer the one time prompt:

# su - evsuser -c "ssh true"
The authenticity of host 'localhost (::1)' can't be established.
RSA key fingerprint is 36:9b:74:4b:e9:57:11:70:bc:71:d6:4d:77:b4:74:b3.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'localhost' (RSA) to the list of known hosts.
# su - neutron -c "ssh true"
The authenticity of host 'localhost (::1)' can't be established.
RSA key fingerprint is 36:9b:74:4b:e9:57:11:70:bc:71:d6:4d:77:b4:74:b3.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'localhost' (RSA) to the list of known hosts.
# ssh true
The authenticity of host 'localhost (::1)' can't be established.
RSA key fingerprint is 36:9b:74:4b:e9:57:11:70:bc:71:d6:4d:77:b4:74:b3.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'localhost' (RSA) to the list of known hosts.

EVS uses the concept of a controller to manage the elastic virtual switch across the resources in the data center. We need to set the configuration to this single host and initialize the EVS database:

# evsadm set-prop -p
# evsadm
# evsadm show-prop
PROPERTY PERM VALUE DEFAULT
controller rw --

For this setup, we will use VXLANs to appropriately tag our network traffic and provide isolation. We can do this configuration as follows:

# evsadm set-controlprop -p l2-type=vxlan
# evsadm set-controlprop -p vxlan-range=

We will also need to set the uplink port for the controller to be net0 (the only NIC available to us):

After signing in you will see the main dashboard for the OpenStack administrator. On the left part of the screen you will see two tabs: one that shows the administration panel, the other that shows the project panel that gives us the list of projects that this current user is a member of. We can think of projects as a way to provide organizational groupings.

Instead of launching an instance as an administrator, let's go and create a new user under the Admin tab. Select the Users menu entry to display the following screen.

We can see that there are a few users already defined. These users either represent the administrator or are for the various OpenStack services. Let's go ahead and click on the Create User button and fill in some details for this user. We will include them in the demo project for now, but we could equally have created a new project if we wanted to.

Sign out and log in as this new user. The next thing we need to do is to add a keypair for our user. Choose the Access & Security menu entry to get the following screen:

There are no keypairs currently defined. Let's go ahead by clicking the Import Keypair button. In our case let's use the SSH public key of our global zone:

cat .ssh/id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA0Khp4Th5VcKQW4LttqzKAR8O60gj43cB0CbdpiizEhXEbVgjI7IlnZlo9i SEFpJlnZrFQC8MU2L7Hn+CD5nXLT/uK90eAEVXVqwc4Y7IVbEjrABQyB74sGnJy+SHsCGgetjwVrifR9fkxFHg jxxkounxrpme86hdjrpzljfgyzzezjrtd1erwvnshhjdzmuac7cilfjen/wssm8tosakh+zwehwy3o08nzg2iw dmimpbwpwtrohjsh3w7xkde85d7uzebnjpd9kdaw6omxsy5clgv6geouexz/j4k29worr1xkr3jirqqlf3kw4y uk9jui/gphg2ltohisgjoelorq==

Having successfully imported the SSH keypair, let's now create a network for this instance. Choose the Networks menu entry to get the following screen:

There are no networks currently defined. Let's create a network by clicking on the Create Network button. Let's create a network called mynetwork with a subnet called mysubnet using the x.0/24 address range. This means that instances that choose this network will be created within this range starting at x.3.

Once we create our network, we should see it successfully created in the following screen:

Now we are ready to launch a new instance. Choose the Instances menu entry to get the following screen:

9. Launching an Instance

Let's launch a new instance by clicking on the Launch Instance button. We will call our instance myinstance. We will give it an Oracle Solaris non-global zone tiny flavor. Flavors represent the size of the resources that we should give this instance. We can see here that we will get a root disk of 10GB and 2,048MB RAM. We will choose to boot this instance from the image that's stored in Glance that we uploaded called Base Zone.

Once we are happy with the Details tab, we can move onto the Access & Security tab. We can see that our keypair has been pre-selected, so we can immediately move on to the Networking tab. Here we will need to select mynetwork as our network. Once we have finished this, we can click on the Launch button.

After a little bit of time we can see that our instance has successfully booted with an IP address of x.3.

We are now ready to log into this instance. In this lab we took the simple path of just setting up an internal network topology. In a typical cloud environment we would set up an external network that VMs could communicate through to the outside world. To access these VMs, we will need to access them through the global zone.

ssh
The authenticity of host ' ( )' can't be established.
RSA key fingerprint is 89:64:96:91:67:ab:6b:35:58:37:35:b8:ab:f3:e5:98.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added ' ' (RSA) to the list of known hosts.
Last login: Thu Sep 11 00:33:
Oracle Corporation SunOS June 2014
ipadm
NAME CLASS/TYPE STATE UNDER ADDR
lo0 loopback ok
lo0/v4 static ok /8
lo0/v6 static ok -- ::1/128
net0 ip ok
net0/dhcp inherited ok /24
exit
logout
Connection to closed.

10. Behind the Scenes

From the global zone, let's see what has been created with OpenStack. Let's first check to see what zones have been created:

zoneadm list -cv
ID NAME STATUS PATH BRAND IP
0 global running / solaris shared
2 instance running /system/zones/instance solaris excl

We can see that we have one non-global zone successfully running which corresponds to our Nova instance. Let's now check to see what networks have been created for this:

ipadm
NAME CLASS/TYPE STATE UNDER ADDR
evsaf75747a_3_0 ip ok
evsaf75747a_3_0/v4 static ok /24
lo0 loopback ok
lo0/v4 static ok /8
lo0/v6 static ok -- ::1/128
net0 ip ok
net0/v4 static ok /24
